DETAILED ACTION

0. 1 This office action is in response to amendment filed on 2/21/2006. Claims 1, 12 and 17 
are amended. Claims 1-20 are pending. 

Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1, 3-4, 6, 8-17, 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Khazan (US Pub. No. 20050108562 A1) in view of Szor (US Pub. 2004/0158725 A1).

As to claim 12, Khazan (fig. 4A; [0040]) shows a malicious code detection
device (110) including: an intercept module (114; [0073]) for intercepting a request issuing on a
host computer system prior to the sending of the request from the host computer system to a
target computer system; and an analyzer module (108; [0076]) coupled to the intercept module (114).
Khazan discloses a request database (see figs. 1, 4A) coupled to the analyzer module, the request
database including one or more request entries, each of the one or more request entries
identifying a request determined to be suspicious (114; [0032]); and a standards list (106)
coupled to the analyzer module (108; see [0040]; [0072]; [0078]).

Khazan differs from claim 12 in that he does not specifically teach a standard list
including selected standards for use in determining whether the request is suspicious. However, 
referring to fig. 3, Szor shows a system including selected standards for use in determining 
whether a request is suspicious (see [0025]). 

Therefore, it would have been obvious to a person of ordinary skill in the art, at the time
of the invention, to combine Khazan with the dynamic detection of computer worms, as 
disclosed by Szor. Doing so would provide a truly dynamic malicious code detection system, 
which is capable of filtering outgoing traffic on the packet level as well as on the stream level. 

As to claims 13-14, Khazan discloses a malicious code detection device comprising an
inclusion profile list (112) coupled to the analyzer module (104-108).

As to claims 15-16, Khazan discloses a malicious code detection device, further 
comprising a memory (data storage system 12) area coupled to the intercept module (114) and 
the analyzer module (see [0072]); and, wherein the intercept module (114) includes an 
interception mechanism for intercepting a request ([0073]). 

As to claims 1 and 3, method claims 1 and 3 correspond to apparatus claim 12; therefore, 
they are analyzed as previously discussed in claim 12 above. 

As to claims 17 and 19, the claims have substantially the limitations of claim 12; 
therefore, they are analyzed as discussed in claim 12 above. 

As to claims 4, 6 and 8, Khazan discloses a method, further releasing the request upon a 
determination that the request is not suspicious (fig. 8; [0094]). 

As to claims 9-11, Khazan discloses a method, wherein the request is an HTTP GET
request; and, wherein the intercepting a request on a host computer system occurs at the
application level ([0036]; [0045]).

Allowable Subject Matter

3. Claims 2, 5, 7, 18 and 20 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the limitations of the 
base claim and any intervening claims. 

Response to Arguments 

4. Applicant's arguments with respect to claims 1-20 have been considered but are moot in 
view of the new ground(s) of rejection. The prior art of Szor has been added for new ground of 
rejection. 

Conclusion 

5. Any response to this action should be mailed to: 
Commissioner of Patents and Trademarks, Washington, D.C. 20231 

or faxed to: (703) 872-9306 for all formal communications. 

Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal Drive,
Arlington, VA, Fourth Floor (Receptionist).

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Fritz Alphonse, whose telephone number is (571) 272-3813. The 
examiner can normally be reached on M-F, 8:30-6:00, Alt. Mondays off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Albert De Cady, can be reached at (571) 272-3819.

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the Group receptionist whose telephone number is (571) 272-3824. 

Information regarding the status of an application may also be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 